Problems running about:buster 4.0??????

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Halo_05, Dec 19, 2004.

  1. Halo_05

    Halo_05 Private E-2

    I am trying to remove the "only the best" and "about: blank" hijacks from my system.

    I followed all the posted procedures about downloading the listed spyware programs first, and everything ran great until I tried to use the "about:buster" program. I keep getting a "missing or corrupted files" error message???

    I did download "hijack this" today just to save the log file.

    Please can anyone help? I don't know where to go from here :confused:

    Thanks,
    Halo
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. Halo_05

    Halo_05 Private E-2

    I downloaded the file from the link, and tried to run "about:buster" again, I am still getting the same error message! :mad:

    The message reads exactly as follows: Corrupt Database, database is either corrupted or missing please download a new one.

    Any thoughts?

    Thanks,
    H
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you try to download a new one?

    Did you follow the directions on the download page?
    Also, important - did you download and extract About:Buster into its own folder (nothing else in that folder)?
     
  5. Halo_05

    Halo_05 Private E-2

    Yes, I have followed all the directions regarding the "about:buster" download, and I am still getting the same message.

    Should I move on to the Generic Solution HSA?

    It seems the more scans I run, adaware etc, more and more of this stuff seems to crop up. Would it be easier just to reformat my drive?

    Thanks,
    H
     
  6. PhilliePhan

    PhilliePhan Guest

    Hi Halo,

    Before you do that, please attach a fresh HijackThis Log. I'm cutting out for the night, but it might be a good idea to show what you are dealing with. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!

    If you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I imagine Chas will check back when time permits.

    PP :)
     
  7. Halo_05

    Halo_05 Private E-2

    Thanks for the info, the HJT log is attached.

    H
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you make sure of the following that I asked before:

    Also, important - did you download and extract about:Buster into its own folder (nothing else in that folder)?

    This is quite often the reason for getting the corrupt database message.

    Note your OS and IE are seriously out of date. You must get updated to at least WinXP SP1a after we get your current issues resolved.

    Please move HJT to a folder like we specified. You have it as a subfolder of c:\documents and settings which is one of the locations we specifically ask that it not be.
    Please put it in C:\Program Files\HJT

    Before we possibly move onto the Generic Solution there are some other items to fix up not related to HSA.

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:
    C:\WINDOWS\System32\sehiyu.exe
    C:\WINDOWS\System32\iyupol.exe

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [tzvsppebku] C:\WINDOWS\System32\sehiyu.exe
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKCU\..\Run: [fornROf2X] iyupol.exe
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: (HKLM)


    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\sehiyu.exe
    C:\WINDOWS\System32\iyupol.exe
    C:\Program Files\CSBB <--- the whole directory

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
    After posting your log do not shut down or reboot, which could cause the hijacker to move and/or spread. For security, you can physically disconnect (unplug) your internet connection while waiting for my response.

    At the current time the items of concern that relate to the hijacker are (but do not touch them yet):

    C:\WINDOWS\system32\crtz.exe
    C:\WINDOWS\system32\addew.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lmbpp.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lmbpp.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lmbpp.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lmbpp.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lmbpp.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lmbpp.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lmbpp.dll/sp.html#28129
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {BCC2CDCA-0A8E-418D-CBB0-5F1C7378C9AB} - C:\WINDOWS\system32\netrd.dll
    O4 - HKLM\..\Run: [addew.exe] C:\WINDOWS\system32\addew.exe
    O4 - HKLM\..\RunOnce: [crtz.exe] C:\WINDOWS\system32\crtz.exe
    O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\apicx32.exe (file missing)
     
    Last edited: Dec 21, 2004
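
Added illustration (not part of the thread and not HijackThis's own code): a small Python parser for the log-line formats quoted in the post above, which splits each entry into its section code and fields and collects the files it names. The regular expressions, field names and triage notes are assumptions made for this example; the sample lines are copied from that post.

```python
import re

# Constructed sample: lines copied from the entries quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lmbpp.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {BCC2CDCA-0A8E-418D-CBB0-5F1C7378C9AB} - C:\WINDOWS\system32\netrd.dll
O4 - HKLM\..\Run: [addew.exe] C:\WINDOWS\system32\addew.exe
O4 - HKCU\..\Run: [fornROf2X] iyupol.exe
O15 - Trusted Zone: *.awmdabest.com
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\apicx32.exe (file missing)
"""

# Hypothetical patterns for the line shapes seen in the thread.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
REG_VALUE = re.compile(r"^(HK[A-Z]+)\\(.+),(.+?) = (.*)$")
AUTORUN = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
WIN_PATH = re.compile(r'[A-Za-z]:\\[^/*?"<>|]+?\.(?:exe|dll)', re.I)

def parse_entry(line):
    """Split one HijackThis line into section code, fields and triage notes."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "body": body, "paths": WIN_PATH.findall(body), "notes": []}
    if code in ("R0", "R1") and (r := REG_VALUE.match(body)):
        entry.update(hive=r.group(1), value=r.group(3), data=r.group(4))
        if r.group(4).lower().startswith("res://"):
            entry["notes"].append("IE setting loads a page from a local DLL resource")
    elif code == "O4" and (a := AUTORUN.match(body)):
        entry.update(hive=a.group(1), key=a.group(2), name=a.group(3), command=a.group(4))
        if "\\" not in a.group(4):
            entry["notes"].append("autorun command is a bare file name with no directory")
    elif code == "O15":
        entry["notes"].append("site or IP added to the Trusted zone")
    if body.endswith("(file missing)"):
        entry["notes"].append("registered target is not on disk")
    return entry

def triage(log_text):
    return [e for e in map(parse_entry, log_text.splitlines()) if e]

def referenced_files(entries):
    """Unique file paths named in the log, lower-cased for comparison."""
    return sorted({p.lower() for e in entries for p in e["paths"]})

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["code"], "|", "; ".join(e["notes"]) or "-", "|", e["body"][:60])
```

The notes only describe what a line says; deciding which entries to fix remains a matter for the helper reviewing the full log.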
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

